Vulnerabilities > Westerndigital
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2022-03-30 | CVE-2022-22996 | Uncontrolled Search Path Element vulnerability in Westerndigital products | The G-RAID 4/8 Software Utility setups for Windows were affected by a DLL hijacking vulnerability. | 6.9 |
2022-03-25 | CVE-2022-22995 | Link Following vulnerability in Westerndigital products | The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. | 7.5 |
2022-01-28 | CVE-2022-22992 | Command Injection vulnerability in Westerndigital MY Cloud OS | A command injection remote code execution vulnerability was discovered on Western Digital My Cloud Devices that could allow an attacker to execute arbitrary system commands on the device. | 10.0 |
2022-01-28 | CVE-2022-22993 | Server-Side Request Forgery (SSRF) vulnerability in Westerndigital MY Cloud OS | A limited SSRF vulnerability was discovered on Western Digital My Cloud devices that could allow an attacker to impersonate a server and reach any page on the server by bypassing access controls. | 8.3 |
2022-01-28 | CVE-2022-22994 | Insufficient Verification of Data Authenticity vulnerability in Westerndigital MY Cloud OS | A remote code execution vulnerability was discovered on Western Digital My Cloud devices where an attacker could trick a NAS device into loading through an unsecured HTTP call. | 7.5 |
2022-01-13 | CVE-2022-22988 | Incorrect Permission Assignment for Critical Resource vulnerability in Westerndigital Edgerover 0.25 | File and directory permissions have been corrected to prevent unintended users from modifying or accessing resources. | 6.4 |
2022-01-13 | CVE-2022-22989 | Out-of-bounds Write vulnerability in Westerndigital MY Cloud OS | My Cloud OS 5 was vulnerable to a pre-authenticated stack overflow vulnerability on the FTP service. | 7.5 |
2022-01-13 | CVE-2022-22990 | Improper Authentication vulnerability in Westerndigital MY Cloud OS | A limited authentication bypass vulnerability was discovered that could allow an attacker to achieve remote code execution and escalate privileges on the My Cloud devices. | 8.3 |
2022-01-13 | CVE-2022-22991 | Command Injection vulnerability in Westerndigital MY Cloud OS | A malicious user on the same LAN could use DNS spoofing followed by a command injection attack to trick a NAS device into loading through an unsecured HTTP call. | 8.3 |
2021-06-29 | CVE-2021-35941 | Improper Authentication vulnerability in Westerndigital products | Western Digital WD My Book Live (2.x and later) and WD My Book Live Duo (all versions) have an administrator API that can perform a system factory restore without authentication, as exploited in the wild in June 2021, a different vulnerability than CVE-2018-18472. | 5.0 |